<?php
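chdir('../');

require('includes/setUp.php');

/**
 * Comment submission handler: attaches a new Comment to a Photo on behalf of
 * the logged-in user, then redirects back to that photo's anchor.
 *
 * Reads the POST fields "comment" (comment text) and "idPhoto" (photo id).
 * $user, $db, WebRoot, T_() and globalFunc are not defined in this file;
 * presumably they are provided by includes/setUp.php.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. Confirm that
 * setUp.php or the submitting form enforces one for this state-changing POST.
 */

// Only a logged-in user may comment, and both fields must be plain strings.
// is_string() rejects array-style input such as idPhoto[]=..., which would
// otherwise reach the ORM lookup and the redirect target below.
if (empty($user)
    || !isset($_POST['comment'], $_POST['idPhoto'])
    || !is_string($_POST['comment'])
    || !is_string($_POST['idPhoto'])
) {
  globalFunc::redirect(WebRoot.'index.php?errMsg='.rawurlencode(T_('You have to be logged on!')));
  // redirect() is defined elsewhere; stop here so a rejected request can
  // never fall through to the write path even if redirect() returns.
  exit;
}

try {
  $photo = $db->find('Photo', $_POST['idPhoto']);

  // An unknown id and a private album the user may not see get the same
  // answer, so the response does not reveal which photo ids exist.
  if ($photo === null
      || ($photo->Album->ProtectionName == 'private' && !$photo->Album->AllowedUsers->contains($user))
  ) {
    globalFunc::redirect(WebRoot.'index.php?errMsg='.rawurlencode(T_('You can\'t comment that photo!')));
    exit;
  }

  $comment = new Comment();
  $comment->User = $user;
  // Stored as submitted: whatever renders this text must escape it for the
  // output context (e.g. htmlspecialchars() for HTML).
  $comment->Text = $_POST['comment'];
  $comment->Photo = $photo;

  $db->persist($comment);
  $db->flush();

} catch (Exception $ex) {
  // NOTE(review): the raw exception message is put into the redirect URL and
  // may expose database or ORM internals to the client. Consider logging it
  // server-side and showing a generic, translated message instead.
  globalFunc::redirect(WebRoot.'index.php?errMsg='.rawurlencode($ex->getMessage()));
  exit;
}

// Encode the id before it becomes part of the redirect target so CR/LF or
// other URL metacharacters in the POST value cannot alter the target.
// A purely numeric id is unchanged by rawurlencode().
globalFunc::redirect(null, '#'.rawurlencode($_POST['idPhoto']));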

